20 Aug 2018
Businesses purchase peace of mind for many things. Insurance for buildings, equipment, professional liability… You can insure just about anything, and we now seem to be entering an age where we can insure data against loss or theft. But is it really worth it?
Here we take a closer look at this relatively new phenomenon of data insurance, and whether there might be better ways to protect against the monetary costs of data loss or compromise.
The truth is, it can actually mean all sorts of things, depending on who you ask. Definitions of data loss, cyber protection and ransomware attacks can differ significantly according to those that provide the insurance. However, in basic terms, cyber insurance works like any other insurance in that you pay a premium for protection against the financial implications – in this case, of lost data, hacking and ransomware. Sounds reasonable, right? Especially when those implications can be significant if you lose sensitive data through IT failures or hacking. The reputational damage in itself can be crippling, and in some cases data loss can incur big fines and even instigate legal action from affected individuals or organisations.
But here’s the thing… surely a robust cloud backup from a trusted provider, who will also have their own data loss insurance, is not only the sensible thing to do in the first place, but also means you’ve no real reason to purchase cyber or data loss insurance? Maybe…
It all boils down to who is ultimately responsible for protecting that data. If you’ve taken the utmost care to keep that data secure with a capable and trusted cloud backup provider – preferably with encryption – then arguably you’ve invested wisely enough. Provided you scrutinise your cloud backup provider’s credentials and make sure they offer certain assurances regarding the security of the data you entrust to them, you shouldn’t need to also pay for data loss or cyber insurance. You’ve pretty much done that already.
The other thing to bear in mind, is that it’s better to make sure you keep your data secure, than lose it and have to make an insurance claim. All your insurance will do is pay out a nominal amount to help you deal with the fallout, which can be far more than a financial concern. How much value can you actually put on your data, and the loss of time to try to recreate it all? Many would argue the data is actually priceless.
Ransomware is worth a mention here, as some might seek insurance against the financial demands made by hackers to ‘release’ your data. Again, this is a kind of false economy, as the best ‘policy’ is to protect your data with secure cloud backups and apply simple encryption. With a cloud backup you can simply restore the kidnapped data and there’s no real reason to pay a ransom. Just make sure you find out how you were infected by ransomware in the first place and put steps in place to prevent it .
Essentially, cyber insurance isn’t really necessary if you have a robust cloud backup system in place, with encryption if your data is sensitive. In some ways, cloud backups and cyber insurance amount to the same thing. They both aim to help you recover from data loss, and you need to invest in it. However, many cyber insurance products don’t cover you for some crucial elements, (such as employee errors) and many come with complex conditions and exclusions that make it difficult to understand what your premiums cover. This isn’t necessarily the insurers trying to wriggle out of remuneration – cyber security is evolving faster than ever, so it’s understandable that insurers are wary of what to cover, and perhaps struggling to keep pace with the threats they claim to protect you against. This is why the list of exclusions in the fine print continues to grow, and why cyber insurance policies can become out-dated quite quickly. It’s a really difficult phenomenon to insure.
Provided you regularly assess whether your cloud backups are appropriate for the data your business creates, they should be more effective than cyber insurance. If you experience data loss, the horse has already bolted, and you may find cyber insurance doesn’t even cover the financial implications. As long as a data breach isn’t due to your negligence – by not having a sensible cloud backup solution in place – you’ve probably done all you can. Also, your backup provider will likely assume significant responsibility if your data is in their cloud servers.
So, it seems an appropriate backup solution will protect you in ways cyber insurance might not. In effect, it is your insurance. It’s perhaps the best way to ensure data loss prevention and achieve peace of mind. A reputable provider of cloud backups and encryption services will offer certain guarantees about security – all you need to do is find the provider and solution that best matches your needs, and ideally automate backups so you know data is replicated in the cloud even if your hardware or software fails. That can be sorted while your data waits to be recovered.
So, while data loss or cyber insurance might have some appeal, it can struggle to match the peace of mind that a robust cloud backup solution offers. Not because insurers are tricksters – simply because cyber security is such a constantly changing phenomenon. Maybe that’s why the best cloud backup providers don’t tend to offer cyber or data loss insurance policies…